Merge branch 'collective:master' into feat/oss-fuzz-integration

2023-10-27 21:45:08 -04:00 · 2023-10-27 21:45:08 -04:00 · 0d4b58918a
commit 0d4b58918a
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@ -2,35 +2,42 @@ name: CIFuzz
 on: [pull_request]
 permissions: {}
 jobs:
- Fuzzing:
-   runs-on: ubuntu-latest
-   permissions:
-     security-events: write
-   steps:
-   - name: Build Fuzzers
-     id: build
-     uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
-     with:
-       oss-fuzz-project-name: 'icalendar'
-       language: python
-   - name: Run Fuzzers
-     uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
-     with:
-       oss-fuzz-project-name: 'icalendar'
-       language: python
-       fuzz-seconds: 600
-       output-sarif: true
-   - name: Upload Crash
-     uses: actions/upload-artifact@v3
-     if: failure() && steps.build.outcome == 'success'
-     with:
-       name: artifacts
-       path: ./out/artifacts
-   - name: Upload Sarif
-     if: always() && steps.build.outcome == 'success'
-     uses: github/codeql-action/upload-sarif@v2
-     with:
-      # Path to SARIF file relative to the root of the repository
-      sarif_file: cifuzz-sarif/results.sarif
-      checkout_path: cifuzz-sarif
+  Fuzzing:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'icalendar'
+        language: python
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'icalendar'
+        language: python
+        fuzz-seconds: 600
+        output-sarif: true
+    - name: Upload Crash
+      uses: actions/upload-artifact@v3
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts
+    - name: Upload Sarif
+      if: always() && steps.build.outcome == 'success'
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        # Path to SARIF file relative to the root of the repository
+        sarif_file: cifuzz-sarif/results.sarif
+        checkout_path: cifuzz-sarif

+  check-distribution:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Do not include Apache files in the distribution.
+      run: |
+        src/icalendar/tests/test_create_release.sh
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -111,19 +111,19 @@ jobs:
        twine check dist/*
        twine upload dist/*

-    deploy-github-release:
-      # only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
-      if: startsWith(github.ref, 'refs/tags/v')
-      needs:
-        - run-tests
-      runs-on: ubuntu-latest
-      environment:
-        name: github-release
-      steps:
-        - uses: actions/checkout@v2
-        - name: create release
-          uses: elgohr/Github-Release-Action@v4
-          env:
-            GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-          with:
-            title: ${{ github.ref_name }}
+  deploy-github-release:
+    # only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
+    if: startsWith(github.ref, 'refs/tags/v')
+    needs:
+      - run-tests
+    runs-on: ubuntu-latest
+    environment:
+      name: github-release
+    steps:
+      - uses: actions/checkout@v2
+      - name: create release
+        uses: elgohr/Github-Release-Action@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        with:
+          title: ${{ github.ref_name }}
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -2,3 +2,4 @@ include *.rst tox.ini
 graft docs
 recursive-include src/icalendar *
 recursive-exclude src/icalendar *.pyc *~
+recursive-exclude src/icalendar/fuzzing *.py *.sh
--- a/setup.py
+++ b/setup.py
@ -52,7 +52,7 @@ setuptools.setup(
    author_email='plone-developers@lists.sourceforge.net',
    url='https://github.com/collective/icalendar',
    license='BSD',
-    packages=setuptools.find_namespace_packages('src'),
+    packages=setuptools.find_namespace_packages('src', exclude=["icalendar.fuzzing"]),
    package_dir={'': 'src'},
    include_package_data=True,
    zip_safe=False,
--- a/src/icalendar/tests/test_create_release.sh
+++ b/src/icalendar/tests/test_create_release.sh
@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Create a release file and test it.
+#
+
+set -e
+cd "`dirname \"$0\"`"
+cd "../../.."
+
+python3 setup.py sdist
+archive=`echo dist/icalendar-*.tar.gz`
+
+if ! [ -f "$archive" ]; then
+  echo "ERROR: Cannot find distribution archive '$archive'."
+  exit 1
+fi
+
+if tar -tf "$archive" | grep 'fuzzing/'; then
+  echo "ERROR: Fuzzing files are included in the release."
+  echo "       See https://github.com/collective/icalendar/pull/569"
+  exit 1
+fi
+
+echo "Checks passed."